Mostrar el registro sencillo del ítem

dc.contributor.authorVargas, S
dc.contributor.authorVera, M
dc.contributor.authorRodríguez, J
dc.description.abstractIn recent years, Higher Education Institutions through their Systems departments have strengthened security for the development of applications on web environment, because of their vulnerability to possible computer attacks. This research proposes a security strategy to reduce the risk presented by the web applications developed in the systems department of the Simón Bolívar University, in San José de Cúcuta, Colombia, based on a diagnosis of the current state of its security policy compared to other institutions of the department of Norte de Santander, the analysis of current regulations and the state of the art of security in web applications, as an object of study. This strategy of safe web software development arises in order to establish the security parameters that should be applied by the web software developers of the Institution, shielding the developed applications and thus guaranteeing the integrity of the information that is manipulated through them. The strategy was validated through expert judgment in the field of web application development, emphasizing the importance of applying it to prevent vulnerabilities in institutional web software and thus provide greater reliability in the management of information.eng
dc.publisherIOP Publishingeng
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 Internacional*
dc.sourceJournal of Physics: Conference Serieseng
dc.sourceVol. 1414 (2019)eng
dc.subjectWeb environmenteng
dc.subjectSecurity policyeng
dc.titleSecurity strategy for vulnerabilities prevention in the development of web applicationseng
dcterms.referencesCanedo G, Flores M, Hill A, Martinez M, Papaleo M, Soarez N and Targetta C 2017 Secure coding practices guide (Lisbon: OWASP foundation)eng
dcterms.referencesBooch G, Jacobson I and Rumbaugh J 2000 El proceso unificado de desarrollo de software (Madrid: Addison Wesley)spa
dcterms.referencesBermejo J R 2014 Assessment methodology of web applications automatic security analysis tools for adaptation in the development life cycle (Madrid: Universidad Nacional de Educación a Distancia)eng
dcterms.referencesGoseva-Popstojanova K and Perhinschi A 2015 On the capability of static code analysis to detect security vulnerabilities Information and Software Technology 68 18eng
dcterms.referencesDaud M I 2010 Secure software development model: A guide for secure software life cycle International Multi Conference of Engineers and Computer Scientists (Hong Kong: IMECS) p 17eng
dcterms.referencesHope P and White P 2007 Software security requirements the foundation for security (Dulles: Cigital Inc.)eng
dcterms.referencesCommon Criteria for Information Technology Security Evaluation 2005 Part 2: Security functional requirements, version 2.3 (United States and other countries: Common Criteria)eng
dcterms.referencesRuiz R 2006 Historia y evolución del pensamiento científico (México: Martínez Coll Ediciones)spa
dcterms.referencesSmith M and Dehlinger J 2014 Enabling static security vulnerability analysis in PHP applications for novice developers with SSVChecker Conference on Research in Adaptive and Convergent Systems (New York: ACM DL) p 278eng
dcterms.referencesOkubo T and Tanaka H 2008 Web security patterns for analysis and design 15th Conference on Pattern Languages of Programs (Nashville: ACM DL) p 25eng
dcterms.referencesMundada Y, Feamster N and Krishnamurthy B 2016 Half-baked cookies: Hardening cookie-based authentication for the modern web 11th ACM on Asia Conference on Computer and Communications Security (New York: ACM DL) p 675eng
dcterms.referencesNeville-Neil G V 2007 Building secure web applications ACM Queue 5 22eng
dcterms.referencesLi X and Xue Y 2014 A survey on server-side approaches to securing web applications ACM Computer Surveys 46 54eng
dcterms.referencesHernandez E 1999 Auditoría en informática (México: CECSA)spa
dcterms.referencesCao Y, Li Z, Rastogi V, Chen Y and Wen X 2012 Virtual browser: A virtualized browser to sandbox thirdparty javascripts with enhanced security 7th ACM Symposium on Information, Computer and Communications Security (Seoul: ACM DL) p 8eng
dcterms.referencesMavromoustakos S, Patel A, Chaudhary K, Chokshi P and Patel S 2016 Causes and prevention of SQL injection attacks in web applications 4th International Conference on Information and Network Security (New York: ACM DL) p 55eng
dcterms.referencesYao D, Koglin Y, Bertino E and Tamassia R 2007 Decentralized authorization and data security in web content delivery ACM Symposium on Applied Computing (Seoul: ACM DL) p 1654eng
dcterms.referencesDowd M, McDonald J, Schuh J 2007 The art of software security assessment: Identifying and preventing software vulnerabilities (Mexico: Addison Wesley)eng

Ficheros en el ítem


Este ítem aparece en la(s) siguiente(s) colección(ones)

  • Artículos
    Artículos científicos evaluados por pares

Mostrar el registro sencillo del ítem

Attribution-NonCommercial-NoDerivatives 4.0 Internacional
Excepto si se señala otra cosa, la licencia del ítem se describe como Attribution-NonCommercial-NoDerivatives 4.0 Internacional